Can Drones Be Hacked? Should You Be Worried?

As soon as you create a system that hinges on communication between two or more computer systems, you can be sure that somebody is going to try and hack it sooner or later.

That’s the world we unfortunately live in today.

But what does this mean for drones and their operating systems? After all, they run on a connected framework that is constantly sending signals between the ground control and the UAV.

Can your drone be hacked? And if so, how likely are you to fall victim?

We explore these questions and others in this guide.

Can Drones Be Hacked?

It is common knowledge among tech heads that any device that transmits data can have that data intercepted. This happens across the board with all sorts of devices, especially with the rise of the internet of things.

Connected cars, fridges and printers are just some examples in a long list of devices that are capable of being hacked. And that list also includes drones.

Drones, like other connected devices, can be hacked by malicious actors that are savvy enough to know what they are doing.

Security researchers have shown that many consumer drones and some commercial drones have software vulnerabilities that make hacking drones less difficult that one might imagine.

For example, a security team at John Hopkins University was able to find multiple ways to gain control of a popular recreational drone while it was midflight. This exercise was done as part of a research study on the potential security concerns over the rising popularity of drones among hobbyists.

Drone hacks have even been shown to be possible while the drone is a mile away from the hacker.

But this is not exactly news.

Drone hacks have been a thing for years. Not only that, they are actually part and parcel of anti-drone tactics used on the battlefield. As drones become more core to modern warfare tactics, drone hacking has become just as important.

For example, in 2011 the Iranian military was able to successfully take over control of a US drone and landed it in Iranian territory.

The Iranians accomplished this by jamming the frequency that the drone used to navigate by GPS. As a back-up, the drone searched for unencrypted frequencies in order to decide on where to go.

The Iranians capitalized on this by sending a message to the drone instructing it that it was near its home. In reality, it was quite far away, deep into hostile territory.

The drone went into land mode and descended into the waiting arms of Iranian officials, miles from where it should have been.

This episode serves to put things into perspective about just how possible hacking drones is.

If military drones with top of the shelf encryption can be hacked and sabotaged, then vulnerabilities are going to be more glaring for the recreational drone you bought at the local store or online.

Drone hacking methods are usually very similar to what happened to the American drone in the Middle East. First the hacker tries to disrupt the signal between the pilot and the drone, and this is sometimes done using malware.

Once the disruption is achieved and the connection between drone and ground control is severed, the hacker can take over the drone in a variety of methods and the hack is complete.

You as the pilot could potentially lose control of your drone forever, unless you regain control.

But not to worry, most drone hacks are mere pranks which people play on each other, rather than any malicious attempt at something sinister.

Let’s be realistic here, it would be very tough for someone to hack your drone whilst it’s in your home, then fly it outside and off into the distance.

How to Hack Drones

James Dale, a UK cyber security expert, thinks we are yet to fully realize the magnitude of the threat posed by drone hackers.

According to him, “Equipment is now available to hack drones so they can bypass technology controls”.

He goes on to elaborate in an example, saying “there are now regulatory controls, in some regions, to force drone operators to use geofencing systems. Yet, there are examples of online vendors selling software and hardware modifications for drones, which are designed to disable these ‘No Fly Zone’ limitations.”

Drone operators can even hack their own drones to bypass controls and safeguards that have been put there by manufacturers and regulators.

There are even companies that cater to this market now.

For example, the Russian software company Coptersafe sells the sort of software and hardware modifications which James Dale talks about. And you can get it for a few hundred dollars.

Anybody can buy a drone from a retailer, purchase the modifications, and then become able to send their drones into no-fly zones and restricted areas such as military bases, airports, and government compounds. Although doing so would be highly illegal and would likely land you with a large fine and jail time.

While this might be amusing to some, it highlights a flaw that has resulted from the rapid expansion of the drone market worldwide. Demand for drones is climbing fast, and manufacturers have it all to do in order to keep up the supply.

In their mad rush, manufacturers tend to think of security last. Cyber security is simply not at the top of the list of priorities when these unmanned aerial vehicles are being assembled.

And so we get machines that come with a few backdoors that drone hackers can exploit. Here are a few ways in which drone hacks can be executed:

• Drone navigation is a favorite target. Your drone’s navigation system is based on the Global Position System (GPS). And it is possible for a bad actor to break through the encryption of this communication channel. One way to do this is to feed fake signals to the targeted drone so that it gets effectively lost. Because signals are used, this kind of attack can be executed from far away.
• If a hacker knows the flight controller systems well enough, they can be a little more direct in their attack. A hacker can gain access to your drone using brute force attacks. The captured video footage can then be manipulated to mislead the drone pilot and influence ground operations.
• Drones often get fitted with sensors; this makes them versatile and useful across many industries. At the same time, it makes them somewhat vulnerable to drone hacks. The gyroscopes, for example, can be misled by way of an external audio source. Drone hackers can take advantage of a design feature like this to influence sensor reading with false data.
• The control systems on board a drone are effectively small computers. And this makes these systems, both in the drone and in the ground control vulnerable to malicious software or “maldrones” (malware for drones). Recently, the founder and CTO of CloudSEK, Rahul Sasi, discovered a backdoor in the Parrot AR drone and realized it could be exploited by unscrupulous actors with malware. Hackers can also inject false data to deceive drone operators. Malware like this can be installed quietly without any visible sign to give the operation away to the drone pilot. The consequences of operations like this on a drone used for military purposes cannot be overstated.
• Drone hacking can also involve hijacking the control and command signal between the drone and its pilot. Compromising the signal affects a drone in a manner similar to jamming GPS which we have already outlined. Radio signals that drones use to communicate with the ground control are usually not secure and can be decoded by way of a packet sniffer. If a computer hacker succeeds in hijacking the command signal in this way, they may gain part or complete control of the UAV and its attending systems, including camera and other sensors.
• Another drone hack takes advantage of the ADS-B system which the Federal Aviation Administration uses for air traffic coordination. UAVs and other aerial vehicles use this system to communicate between one another and avert collisions. A compromised drone could be influenced to broadcast fake ADS-B signals. These false signals could confuse other aircrafts at an airport, potentially endangering the lives of many.
• Downlink threats also constitute a potential weak spot. Drone hackers can intercept video, data, and image broadcast being channeled from the drone to the ground station. These signals are usually transmitted in unsecured radio format that makes them, theoretically, vulnerable to interception by anyone who is in range. Consumer drone models are especially vulnerable to this sort of attack since transmissions are usually not encrypted.

Swarms of Hijacked Drones

Hacking drones could easily evolve into a concept that involves hacked swarms.

In 2016, Samy Kankar, an American security researcher, showed how to hijack a drone from one mile away by way of using run of the mill radio waves to compromise the drone’s software.

He succeeded in making the drone accept that he was the real pilot, allowing him total control.

And then he took his hacking capabilities further by creating a device called Skyjack.

If Skyjack is attached to a drone and scanned for nearby drones with MAC addresses, it could hack these devices and grow a swarm of drones under the influence of one sole hacker operating nothing but an affordable Raspberry Pi computer.

What Are the Dangers of Hacked Drones?

When a drone is hacked, it can become a threat to safety, data security, data integrity, and privacy.

Different drone hacks have different effects on drones. Depending on what the effect is, a drone hack can be caused to:

• Become unresponsive
• Crash into a building, person, or vehicle
• Fly away in order to be stolen
• Give false data
• Divulge sensitive transmitted data
• Change flight data
• Alter waypoints
• Set a different home position
• Capture data and image streams

Pretty much anything that the real owner would be able to do.

Criminals and other bad actors may take over a drone to anonymously spy and gather intelligence for an operation like a robbery.

Compromised drones can be used to invade privacy or breach the secure physical or Wi-Fi perimeters of enterprises.

Finally, the real risk of terrorists taking control of a drone or multiple drones to carry out an attack must be acknowledged.

How to Prevent Your Drone Getting Hacked

Most manufacturers provide basic security measures to minimize the possibility of drone hacks. Towards this end, drone flight and management platforms are being developed to control all functions with an encrypted, unified interface that is more secure

But weaknesses still exist.

And the hackers know this. There are many websites in the US, the EU, and Russia that list vulnerable drones and possible tools and scripts that would hack them.

So we are yet some way away from fully secure drones, as long as these vulnerabilities exist.

While manufacturers tackle the problem from that end, you can do your own part and improve the security of your drone. Here are a few ways you can go about this:

First of all, make sure that the firmware in your drone is not outdated at any time. You want to also make sure to use a strong password for the ground station app.

Set a capof one for the number of devices that can connect to the access point.

You can also use a secured remote-storage provided with two-factor authentication and full encryption.

Secondly, you can use a VPN to secure and make anonymous your digital connection from your laptop or smartphone to your storage server. Ensure your laptop or mobile device has strong anti-virus software and is free from malware. Malware could easily be used to bypass all these precautions to lift login details and extract data.

Should I Be Worried About My Drone Getting Hacked?

Drone hacks are often due to people trying to prank each other. But not always. The rising number of drones in circulation should be an indicator of how quickly the treat of drone hacks is rising as well.

Drones are not only used as recreational tools either. They are used in many industries where one rogue drone could cause a lot of damage to the tune of millions if care is not taken.

So, drone operators should take every reasonable precaution that lies available to them. Don’t get paranoid, these threats are minimal and almost no-one has experienced them happening, but remain watchful and secured as you operate your drone.